General
-
Target
SecuriteInfo.com.Win64.PWSX-gen.5874.22719.exe
-
Size
551KB
-
Sample
221208-ry56asac67
-
MD5
599f3da4fcceeff012fb72ed22ba20f1
-
SHA1
f93448764fccbf21b2f94711bf09310809298e43
-
SHA256
630ea8ccea4f9f5667c356a897a037538288d57b4ca6464b3d90d17f3ba182d1
-
SHA512
5384fd2d4d6f735c0e92d6ab64312dcf5d40497995fbdaf76433b9f149f998802bf751b12bbbcdde918ad9e7e87eff40c6d76fa0b443c96e1b710769b2df75e9
-
SSDEEP
12288:JuN7XJPGa/5LplH5PN3r86eXEONa9iJ8jr4H:Juj+4zZO6Qnyn
Malware Config
Extracted
formbook
4.1
urde
belleriacortland.com
gxzyykx.com
blocksholding.net
zhangjiyuan.com
tyfinck.com
xn--v9s.club
xn--72c9at8ec1l.com
dorismart.online
nocodeuni.com
hmmprocesos.website
quartile.agency
iansdogname.com
karengillen.com
the-bitindexprime.info
nthanisolutions.com
nakamu.online
sahityanepal.com
sinwinindustry.com
shotblastwearingparts.com
nstsuccess.com
Targets
-
-
Target
SecuriteInfo.com.Win64.PWSX-gen.5874.22719.exe
-
Size
551KB
-
MD5
599f3da4fcceeff012fb72ed22ba20f1
-
SHA1
f93448764fccbf21b2f94711bf09310809298e43
-
SHA256
630ea8ccea4f9f5667c356a897a037538288d57b4ca6464b3d90d17f3ba182d1
-
SHA512
5384fd2d4d6f735c0e92d6ab64312dcf5d40497995fbdaf76433b9f149f998802bf751b12bbbcdde918ad9e7e87eff40c6d76fa0b443c96e1b710769b2df75e9
-
SSDEEP
12288:JuN7XJPGa/5LplH5PN3r86eXEONa9iJ8jr4H:Juj+4zZO6Qnyn
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Sets service image path in registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-